Lucene search
K

7 matches found

NVD
NVD
added 2019/12/29 7:15 p.m.21 views

CVE-2019-20058

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...

6.1CVSS5.9AI score0.007EPSS
Exploits1References1
Prion
Prion
added 2019/12/29 7:15 p.m.23 views

Design/Logic Flaw

DISPUTED Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...

4.3CVSS5.9AI score0.01315EPSS
Exploits3References1Affected Software1
Cvelist
Cvelist
added 2019/12/29 6:50 p.m.22 views

CVE-2019-20058

Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS because unsanitized search?search= input is shown on the profiler page. NOTE: this is disputed because profiling was never intended for use in production. This is related to CVE-2018-12040...

6AI score0.007EPSS
Exploits1References1
OSV
OSV
added 2018/06/13 10:29 p.m.8 views

CVE-2018-12040

Reflected Cross-site scripting XSS vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should...

6.1CVSS5.8AI score0.01315EPSS
Exploits2References2
CVE
CVE
added 2018/06/13 10:0 p.m.74 views

CVE-2018-12040

CVE-2018-12040 reports a reflected XSS vulnerability in SensioLabs Symfony 3.3.6's Web Profiler, exploitable via the file parameter in _profiler/open?file=. The issue is documented across multiple feeds (NVD/OSV) and is described as a vulnerability in the web profiler that should not be deployed ...

6.1CVSS5.8AI score0.01315EPSS
Exploits2References2Affected Software1
Debian CVE
Debian CVE
added 2018/06/13 10:0 p.m.33 views

CVE-2018-12040

Reflected Cross-site scripting XSS vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should...

6.1CVSS6AI score0.01315EPSS
Exploits2
Packet Storm
Packet Storm
added 2018/06/09 12:0 a.m.78 views

SensioLabs Symfony 3.3.6 Cross Site Scripting

SensioLabs Symfony version 3.3.6 - Cross-Site Scripting Reflect Exploit Title: SensioLabs Symfony version 3.3.6 - Cross-Site Scripting Reflect Date: 08-06-2018 Software Link: https://symfony.com/ Exploit Author: HaMM0nz Chakrit S., a member of KPMG Cyber Security team in Thailand CVE:...

6.3AI score0.01315EPSS
Exploits2
Rows per page
Query Builder